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(54) Method of and apparatus for protecting data on storage medium and storage medium 

(57) Disclosed are a method and an apparatus for 
protecting data on a storage medium by encrypting the 
data to be recorded on the storage medium with a pass- 
word. This method comprises a step of, generating, for 
changing key data on each memory unit by one pass- 
word, the key data, thereafter encrypting the key data 
with the password and writing the encrypted data to the 
storage medium, and a step of encrypting the data with 
the key data and encrypted data to the storage medium. 
The method further comprises a step of reading the 
encrypted key data from the storage medium, a step of 
decoding the encrypted key data with the password, 
and a step of decoding the data on the storage medium 
with the decoded key data. The encryption is done by 
using the key data generated separately from the pass- 
word, and it is therefore feasible to prevent the pass- 
word from being analyzed by decoding a cipher text. 
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Description 

BACKGROUND OF THE INVENTION 
Field of the Invention 

[0001] The present invention relates to a method of and an apparatus for protecting data on a storage medium, which 
are intended to protect the data to be recorded on the storage medium by encrypting the data with a password, and to 
the storage medium thereof in an information processing appliance. Description of the Related Art 
[0002] A storage device utilizing an optical disk, a magnetic disk and an IC card etc, is utilized for a variety of infor- 
mation processing appliances such as a computer, a word processor and an electronic book etc. Information such as 
information related to privacy and confidential information in terms of duties, which should not be known by persons 
other than an owner, might be written to this type of storage device. It is required that the data be encrypted in order to 
make such information unknown by others. 
[0003] FIG. 1 5 is an explanatory diagram showing the prior art. 

[0004] A password is set on a storage medium 90 such as an optical disk etc or on a storage device. When writing 
the data, an encrypting unit 91 encrypts the data with the password, and the encrypted data is written to the storage 
medium 90. Further, when reading the data, a decoding unit 92 decodes the data on the storage medium 90 with a 
password. 

[0005] Thus, a data confidentiality can be kept by encrypting the data. In this connection, there has hitherto been a 
method of setting one password on the whole storage medium. There also has been a method of setting passwords 
different based on a file unit of the storage medium. 
[0006] There arise, however, the problems inherent in the prior art. 

[0007] First, as cipher texts defined as samples or combinations of the cipher texts with unencrypted plain texts 
become larger in quantity, the decryption by a decipherer becomes easier. A result into which the same plain text is 
encrypted with the same password, is equal. Therefore, when encrypted directly with the same password, a statistic 
characteristic of the cipher text reflects in a statistic character of the plain text. Accordingly, a conventional method of 
encrypting with the same password on the storage medium presents such a problem that if a volume of the cipher texts 
is large enough to make a statistic process executable, the characteristics of the plain texts can be presumed easily. 
[0008] Second, a large capacity storage medium such an optical disk etc is stored with the data, of which some por- 
tion such as a directory portion is structured in a fixed format. A problem peculiar to the conventional method of encrypt- 
ing with the same password on the storage medium is that the password is presumed by akalyzing this portion, in which 
case other vital data are to be deciphered. 

[0009] Third, according to the conventional method of setting the password per file, when the password of some por- 
tion is decrypted, other portions can be prevented from being decrypted. In this case, however, it is required that he dif- 
ferent password be managed per file. This operation is troublesome and might cause a problem in which a fault such 
as forgetting the password and so on is easy to occur. 

[0010] Fourth, in the large capacity exchangeable storage medium such as an optical disk etc, it is possible to carry 
the storage medium out and copy the storage medium. Therefore, the once-encrypted data is carried out and may be 
analyzed later on taking a sufficient period of time. Accordingly, the problem is that the password is easy to be pre- 
sumed from the cipher text. 

[001 1 ] A fifth, problem is that the data has hitherto been encrypted directly with the password, and hence, if the pass- 
word is changed, the whole data are required to be re-encrypted. 

SUMMARY OF THE INVENTION 

[0012] It is a primary object of the present invention to provide a method of and an apparatus for protecting data on 
a storage medium, wherein a password is hard to be analyzed from a cipher text. 

[0013] It is another object of the present invention to provide a method of and an apparatus for protecting data on a 
storage medium that are capable of changing key data with one password on a memory unit. 
[0014] It is still another object of the present invention to provide a method of and an apparatus for protecting data on 
a storage medium, wherein re-encryption of data is not needed even when a password is changed. 
[001 5] A method of protecting data on a storage medium according to the present invention has a write mode includ- 
ing a step of encrypting, after generating key data, the key data with a password and writing the encrypted key data to 
the storage medium, and a step of encrypting data with the key data and writing the encrypted data to the storage 
medium. The data protecting method also has a read mode including a step of reading the encrypted key data from the 
storage medium, a step of decoding the encrypted key data with the password, and a step of decoding the data on the 
storage medium with the decoded key data. 
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[0016] According to the present invention, the data is encrypted not by using the password directly as an encryption 
key but by using key data generated separately. The key data encrypted with the password serving as a key, and written 
to the storage medium. When in the reading process, the encrypted key data is decoded with the password, thereby 
obtaining the key data. Then, the data is decoded with the key data. 
5 [0017] Thus, the data is encrypted by use of the key data generated separately from the password, whereby the 
encrypted key data is, even if a cipher text is to be analyzed, merely decrypted. The password and the key data are 
therefore hard to be analyzed. This makes it feasible to prevent the password from being deciphered by analyzing the 
cipher text. 

[0018] Further, since the encryption is done using the key data generated separately from the password, a key differ- 
10 ent based on the memory unit such as a sector etc can be imparted to one password by changing the key data. Con- 
sequently, the encryption can be accomplished by use of the key different per logic sector, whereby a data 
confidentiality can be enhanced. 

[001 9] Furthermore, the encryption is carried out by using the key data generated separately from the password, and 
therefore, even if the password is changed, the data is not required to be re-encrypted. Hence, the password can be 
is easily changed on even a storage medium having a capacity as large as several hundred mega bytes. 

[0020] Other features and advantages of the present invention will become readily apparent from the following 
description taken in conjunction with the accompanying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

20 

[0021] The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate 
presently preferred embodiments of the invention, and together with the general description given above and the 
detailed description of the preferred embodiments given below, serve to explain the principle of the invention, in which: 

25 FIG. 1 is a block diagram showing one embodiment of the present invention; 

FIG. 2 is a processing flowchart when in a logical formatting process in a first embodiment of the present invention; 

FIG. 3 is a flowchart showing a writing process in the first embodiment of the present invention; 

FIG 4 is an explanatory diagram showing a storage region in the first embodiment of the present invention; 

FIG. 5 is an explanatory diagram showing key data in the first embodiment of the present invention; 
30 FIG. 6 is a flowchart showing a reading process in the first embodiment of the present invention; 

FIG. 7 is a flowchart showing a writing process in a second embodiment of the present invention; 

FIG. 8 is a flowchart showing the writing process in a third embodiment of the present invention; 

FIG. 9 is an explanatory diagram showing the key data in the third embodiment of the present invention; 

FIG. 10 is a flowchart showing the reading process in the third embodiment of the present invention; 
35 FIG. 1 1 is an explanatory diagram showing a fourth embodiment of the present invention; 

FIG. 12 is a flowchart showing a writing process in the fourth embodiment of the present invention; 

FIG. 1 3 is a flowchart (part 1 ) showing a password changing process in the fourth embodiment of the present inven- 
tion; 

FIG. 14 is a flowchart (part 2) showing the password changing process in the fourth embodiment of the present 
40 invention; and 

FIG. 15 is an explanatory diagram showing the prior art. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

45 [0022] FIG. 1 is a block diagram showing one embodiment of the present invention. FIG. 2 is a processing flowchart 
when in a logical format in a first embodiment of the present invention. FIG. 3 is a flowchart showing a writing process 
in the first embodiment of the present invention. FIG. 4 is an explanatory diagram showing a storage area in the first 
embodiment of the present invention. FIG. 5 is an explanatory diagram showing key data in the first embodiment of the 
present invention. FIG. 6 is a flowchart showing a reading process in the first embodiment of the present invention. 

so [0023] As shown in FIG. 1 , a storage medium 1 is constructed of a magneto-optic disk. A logic sector size of the stor- 
age medium 1 is set to 2 KB (kilo bytes). A control circuit 2 is constructed of a processor. A first encrypting unit 20 
encrypts key data PS with a password PW inputted by a user, and writes encrypted key data PS' onto the storage 
medium 1 . 

[0024] A second encrypting unit 21 encrypts the data to be written with the key data PS, and writes the encrypted 
55 data onto the storage medium 1 . A first decoding unit 22 decodes with the password PW the key data PS* encrypted on 
the storage medium 1. A second decoding unit 23 decodes the data on the storage medium 1 with the key data PS 
decoded, and outputs the data. A memory 3 provides an operation region of a control circuit (hereinafter referred to as 
a CPU). Note that the first and second encrypting units 20, 21 and the first and second decoding units 22, 23 are shown 
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in the form of blocks as processes by the CPU 2. 

[0025] Referring to FIG. 2, a process when creating a logical format of the medium will be explained. The following 
processes are executed when creating the medium logical format defined as an initial process of the medium. 

(51) The user inputs the user password PW to the CPU 2. 

(52) The CPU 2 generates random numbers (each consisting of 8 bytes) for the number of sectors. This random 
number is defined as the key data PS. Hereinafter, the explanation is given on the assumption that M n w be the 
number of sectors, and random numbers PS[1] - PS[n] be generated. 

(53) The CPU 2 makes the random numbers (random data) PS Q (PS[1] -PS[n]) for the number of sectors stored 
in the operation region of the memory 3. 

(54) The CPU 2 encrypts each piece of key data PS[1] - PS[n] in the operation region with the password PW. As a 
matter of course, the whole key data PS[1] - PS[n] in the operation region may also be encrypted with the pass- 
word. 

(55) The CPU 2 writes the encrypted key data PS'[1] - PS'[n] to a region L1 on the storage medium 1. 

[0026] As illustrated in FIG. 4, the logical format of the storage medium (disk) 1 is shown by each sector. This sector 
addressed based on a logical block address LBA. Herein, in FIG. 4, there are provided X-pieces of sectors of logical 
block addresses LBA being [1] through [X]. 

[0027] The region L1 for a-sector starting from a head sector (LBA = 1) within the storage area of the optical disk, is 
allocated as a storage region for the encrypted key data PS'[1] - PS'[n]. namely, the number of sectors in a using region 
of the data is n (= (X-a)), and, per section in the using region, the encrypted key data PS'[1] - PS'[n] are stored in the 
region L1. 

[0028] Next, a writing process to the medium will be explained with reference to FIG. 3. 

(510) It is assumed that there occurs a request for writing to a position in which the logical block address (sector 
number) LBA is [SO]. The sector number LBA requested is changed to [S1] so that the write request position is not 
overlapped with the region L1 . Herein, as shown in FIG. 4, a size [a] of the region L1 is added to the sector number 
[SO], thereby obtaining the changed sector number [S1]. 

(511) The CPU 2 judges whether or not the data (encrypted key data) in the region L1 on the optical disk 1 have 
already been read out. If already read out, the key data are developed in the operation region of the memory 3, and 
hence the processing proceeds to step S14. 

(512) The CPU 2, if the data in the region L1 have not been read out, executes a process of developing the key 
data in the operation region of the memory 3. Namely, the CPU 2 obtains the user password PW. Then, the CPU 2 
reads the data PS'[1] - PS'[n] from the region L1 on the optical disk 1 . 

(513) The CPU 2 decodes the data PS'[1] - PS'[n] in the region L1 with the password PW. The data PS'[1] - PS'[n] 
are thereby obtained. The data PS'[1] - PS'[n] are stored in the operation region of the memory 3. 

(514) The CPU 2 obtains key data PS[S0] of the logical block address (sector number) LBA (= SO) out of the key 
data in the operation region of the memory 3. As shown in FIG. 5, the key data PS[S0] corresponding to the logical 
block address LBA is obtained from a key data table in the operation region of the memory 3. Then, the CPU 2 
encrypts the data to be written with this piece of key data PS[S0]. An encrypting method may involve the use of 
known DES etc. 

(515) The CPU 2 writes the encrypted data to a position of the logical block address LBA (= S1) on the optical disk 



[0029] Next, the reading process will be described referring to FIG. 6. 

(520) It is presumed that there occurs a request for reading from a position where the logical block address (sector 
number) LBA is [SO]. The sector number LBA requested is changed to [S1] so that the read request position is not 
overlapped with the region L1. Herein, as shown in FIG. 4, the size [a] of the region L1 is added to the sector 
number [SO], thereby obtaining the changed sector number [S1], 

(521) The CPU 2 judges whether or not the data encrypted key data) in the region L1 on the optical disk 1 have 
already been read out. If already read out, since the key data are developed in the operation region of the memory 
3, the processing proceeds to step S24. 

(522) The CPU 2, if the data in the region L1 have not been read out, executes a process of developing the key 
data in the operation region of the memory 3. Namely, the CPU 2 obtains the user password PW. Then, the CPU 2 
reads the data PS'[1] - PS'[n] from the region L1 on the optical disk 1 . 

(523) The CPU 2 decodes the data PS'[1] - PS'[n] in the region L1 with the password PW. The key data PS[1] - 
PS[n] are thereby obtained. The key data PS[1] - PS[n] are stored in the operation region of the memory 3. 
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(S24) The CPU 2 obtains key data PS[S0] of the logical block address (sector number) LBA (= SO) out of the key 
data in the operation region of the memory 3. As shown in FIG. 5, the key data PS[S0] corresponding to the logical 
block address LBA is obtained from the key data table in the operation region of the memory 3. Then, the CPU 2 
reads in the logical block address S1 from the optical disk 1 . Further, the CPU 2 decodes the thus read data with 
5 the key data PS[S0]. A decoding method may involve the use of known DES etc. The CPU 2 transmits the decoded 

data to a requesting terminal (e.g., a computer). 

[0030] Thus, when creating the logical format of the medium, the random number is generated per logic sector, 
thereby generating the key data per logic sector. Then, the key data encrypted with the password is written to the stor- 
10 age medium 1 . When in the data writing process, the data are encrypted with the key data and written to the storage 
medium 1. 

[0031] When in the data reading process, the encrypted key data on the storage medium 1 are read and thereafter 
decided with the password, thereby obtaining the key data. Then, the data read from the storage medium are decoded 
with this piece of key data. 

75 [0032] As described above, the data are encrypted with the key data generated separately from the password, with 
the result that the encrypted key data is, even if a cipher text is analyzed, merely decoded. Therefore, the password and 
the key data are analyzed with difficulty. This makes it possible to prevent the password from being decoded by analyz- 
ing the cipher text. 

[0033] Further, the encryption is executed by using the key data generated separately from the password, and there- 
to fore a different key can be imparted based on the logic sector unit by changing the key data with respect to one pass- 
word. Hence, the data can be encrypted by using the different key per logic sector, whereby the confidentiality of the 
data can be enhanced. 

[0034] Note that the region L1 is provided in the part of the smaller logical block address but may be stored in a part 
of the maximum logical block address. 
25 [0035] FIG. 7 is a flowchart showing a writing process in a second embodiment of the present invention. Referring to 
FIG. 7, the writing process to the medium will be explained. The process in the case of creating the logical format of the 
medium is executed in the same way as done in the embodiment in FIG. 2, the encrypted key data of each logic sector 
is stored on the storage medium 1 . 

30 (S30) It is presumed that there occurs a request for writing to a position where the logical block address (sector 
number) LBA is [SO]. The sector number LBA requested is changed to [S1] so that the write request position is not 
overlapped with the region L1. Herein, as shown in FIG. 4, the size [a] of the region L1 is added to the sector 
number [SO], thereby obtaining the changed sector number [S1]. 

(531) The CPU 2 judges whether or not the data (encrypted key data) in the region L1 on the optical disk 1 have 
35 already been read out. If already read out, since the key data are developed in the operation region of the memory 

3, the processing proceeds to step S34. 

(532) The CPU 2, if the data in the region L1 have not been read out, executes the process of developing the key 
data in the operation region of the memory 3. Namely, the CPU 2 obtains the user password PW. Then, the CPU 2 
reads the data PS'[1] - PS'[n] from the region L1 on the optical disk 1 . 

40 (S33) The CPU 2 decodes the data PS'[1] - PS'[n] in the region L1 with the password PW. The key data PS[1] - 
PS[n] are thereby obtained. The key data PS[1] - PS[n] are stored in the operation region of the memory 3. 
(S34) The CPU 2 generates a random number R. Subsequently, the CPU 2 writes the random number R to the key 
data PS[S0] in the key data logical block address (sector number) LBA (= SO) in the operation region of the memory 
3. 

45 (S35) Then, the CPU 2 encrypts the data to be written with this piece of key data (random number R). The encrypt- 
ing method may involve the use of known DES etc. The CPU 2 writes the encrypted data to a position of the logical 
block address LBA ( = S1) on the optical disk 1. 

(536) The CPU 2 rewrites the data in the region L1 on the optical disk 1 at a proper timing. That is, the CPU 2, if a 
value WC of a write counter for indicating the number of writing processes exceeds, e.g., 32, proceeds to step S37 

so in order to rewrite the data in the region L1 for insurance. It is the reason why the writing process is done at an inter- 
val of a predetermined number of times that a data recovery of some extent is to be compensated even if there 
occurs such a situation that a process of ejecting the medium can not be executed due to an occurrence of some- 
thing abnormal. The numerical value such as 32 times may be arbitrary. This process is not the indispensable con- 
dition for the present invention. Further, the CPU 2, when requested to eject the storage medium 1, proceeds to 

55 step s37 in order to save the key data. Moreover, the CPU 2, of the power source is switched OFF, advances to step 
S37 to save the key data. 

(537) The CPU 2 encrypts each piece of the key data PS[1] - PS[n] in the operation region with the password PW. 
As a matter of course, the whole key data PS[1] - PS[n] in the operation region may also be encrypted with the 



5 



EP0 950 941 A2 



password. Next, the CPU 2 writes the encrypted key data PS'[1] - PS'[n] to the region L1 on the storage medium 1 . 

[0036] In accordance with the second embodiment, in addition to the operation in the first embodiment, the different 
key data is generated each time the data is written. Therefore, the encryption is executed using the different key data 
5 each time the data is written, thereby enhancing the confidentiality of the data. Note that the reading process is the 
same as in the first embodiment in FIG. 6, so that its explanation is omitted. 

[0037] FIG. 8 is a flowchart showing a writing process in a third embodiment of the present invention. FIG. 9 is an 
explanatory diagram showing the key data in the third embodiment of the present invention. FIG. 1 0 is a flowchart show- 
ing the reading process in the third embodiment of the present invention. 

w [0038] When in a medium logical formatting process, as in the first embodiment shown in FIG. 2, the region L1 on the 
optical disk 1 is stored with encrypted key data PS [1] - PS'[512]. Herein, however, the encrypted data is not stored per 
logic sector. For example, it is assumed that a capacity of the region L1 be 4 KB. Then, supposing that the password 
be an 8-byte/entry, as shown in FIG. 9, 512-pieces of keywords (entries) PS[1] - PS[512] are generated. Subsequently, 
the region L1 is stored with the 512-pieces of encrypted key words PS'[1] - PS'[512]. 

15 [0039] The writing process is described with reference to FIG. 8. 

(540) It is presumed that there occurs a request for writing to a position where the logical block address (sector 
number) LBA is [SO]. The sector number LBA requested is changed to [S1] so that the write request position is not 
overlapped with the region L1 . Herein, as shown in FIG. 4, the size [a] of the region L1 is added to the sector 

20 number [SO], thereby obtaining the changed sector number [S1]. 

(541) The CPU 2 judges whether or not the data (encrypted key data) in the region L1 on the optical disk 1 have 
already been read out. If already read out, since the key data are developed in the operation region of the memory 
3, the processing proceeds to step S44. 

(542) The CPU 2, if the data in the region L1 have not been read out, executes the process of developing the key 
25 data in the operation region of the memory 3. Namely, the CPU 2 obtains the user password PW. Then, the CPU 2 

reads the data PS'[1] - PS'[n] from the region L1 on the optical disk 1 . 

(543) The CPU 2 decodes the data PS'[1] - PS'[n] in the region L1 with the password PW. The key data PS[1] - 
PS[n] are thereby obtained. The key data PS[ ] (PS[1] - PS[n] are stored in the operation region of the memory 3. 

(544) The CPU 2 obtains four values R0, R1 , R2, R3 from the sector number SO requested. Herein, the logic sector 
30 number SO is assumed to be a bit string of 32 bits, and 32 bits are rearranged by 8 bits to the individual values R0, 

R1 , R2, R3. R0 - R3 take values above 0 but less then 256. Then, with R0 - R3 serving as an index, random number 
values (key data) are taken out of PS[ ] in the operation region of the memory 3. Based on the thus taken-out four 
values, an 8-byte random number (key data) R is generated. 

Herein, as shown in FIG. 9, the key data PS[R0] corresponding to R0 is taken out, and key data [R1 + 256] 
35 corresponding to (R1 + 256) is taken out. Key data PS [R2 + 256] corresponding to R2 is taken out. and key data 
PS [R3] corresponding to R3 is taken out. 

Then, the key data R is calculated by the following arithmetic formula: 

R = (PS[R0] * PS[R1 + 256]) * (PS[R2 + 256] + PS[R3]) 

40 

where [*] represents an EOR calculation. 

(545) Then, the CPU 2 encrypts the data to be written with this piece of key data R. The encrypting method may 
involve the use of known DES etc. The CPU 2 writes this piece of encrypted data to a position of the logical block 
address LBA (= S1 ) on the optical disk 1 . 

45 

[0040] Next, the reading process is explained with reference to FIG. 10. 

(550) It is presumed that there occurs a request for reading from a position where the logical block address (sector 
number) LBA is [SO]. The sector number LBA requested is changed to [S1] so that the read request position is not 

so overlapped with the region LI. Herein, as shown in FIG. 4, the size [a] of the region L1 is added to the sector 
number [SO], thereby obtaining the changed sector number [S1]. 

(551) The CPU 2 judges whether or not the data (encrypted key data) in the region L1 on the optical disk 1 have 
already been read out. If already read out, the key data are developed in the operation region of the memory 3, and 
hence the processing proceeds to step S54. 

55 (S52) The CPU 2, if the data in the region L1 have not been read out, executes the process of developing the key 
data in the operation region of the memory 3. Namely, the CPU 2 obtains the user password PW. Then, the CPU 2 
reads the data PS'[1] - PS'[n] from the region L1 on the optical disk 1 . 

(S53) The CPU 2 decodes the data PS'[1] - PS'[n] in the region L1 with the password PW. The key data PS[1] - 
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PS[n] are thereby obtained. The key data PS[ ] (PS[1] - PS[n]) are stored in the operation region of the memory 3. 

(554) The CPU 2 obtains the four values RO, R1, R2, R3 from the sector number SO requested. Herein, the logic 
sector number SO is assumed to be a bit string of 32 bits, and 32 bits are rearranged by 8 bits to the individual val- 
ues RO, R1 , R2, R3. RO - R3 take values above 0 but less then 256. Then, with RO - R3 serving as an index, random 

5 number values (key data) are taken out of PS[ ] in the operation region of the memory 3. Based on the thus taken- 

out four values, the 8-byte random number (key data) R is generated. 

Herein, as shown in FIG. 9, the key data PS[R0] corresponding to RO is taken out, and the key data [R1 + 256] 
corresponding to (R1 + 256) is taken out. The key data PS [R2 + 256] corresponding to R2 is taken out, and the 
key data PS [R3] corresponding to R3 is taken out. Then, the key data R is calculated by the above-mentioned 

10 arithmetic formula. 

(555) Then, the CPU 2 reads the data in the logical block address LBA (= S1) from the optical disk 1. Further, the 
CPU 2 decodes the read data with this piece of key data R. The decoding method may involve the use of known 
DES etc. 

is [0041] The size of the region L1 on the optical disk 1 can be made smaller in the third embodiment than in the first 
embodiment. Namely, it is required in the first embodiment that the same number of pieces of key data as the number 
of the logic sectors be stored. For instance, supposing that one sector be 2 KB, the storage capacity be 600 MB and 
the key data be 8 bytes, the region L1 is required to have a capacity of 2.4 MB. In the third embodiment, 512-pieces of 
key data are stored, and therefore approximately 4 KB may suffice for the region L1 . 

20 [0042] Besides, even with such settings, the random number is generated based upon the calculation, and hence the 
key data different per sector can be obtained. 

[0043] FIG. 11 is an explanatory diagram showing a fourth embodiment of the present invention. FIG. 1 2 is a flowchart 
showing the writing process in the fourth embodiment of the present invention. 

[0044] The fourth embodiment shows, in addition to what has been shown in the third embodiment, a method capable 
25 of using a plurality of user passwords. As shown in FIG. 11 , an n-number of users are accepted, and therefore pass- 
words PW1 - PWn are set per user. On the assumption that the password consists of 8 bytes, corresponding to each 
user, the optical disk 1 is provided with 8-byte (a size of PW1) regions 12 - Ln and 8-byte regions C1 - Cn. 
[0045] When creating the logical format of the storage medium, as in the third embodiment, what is obtained by 
encrypting the random number data with the user password PW1 is written to the region L1 . 
30 [0046] In addition, an authentication character string DC1 of the password is generated, and what is obtained by 
encrypting the character string DC1 with the password PW1 is written to the region C1 . Further, what is obtained by 
encrypting the password PW1 with PW2 is written to the region 12, and what results from encryption of the password 
PW1 with PWn is written to the region Ln. 

[0047] Moreover, what is acquired by encrypting an authentication character string DC2 of the password PW2 with 
35 the password PW2, is written to the region C2. Hereinafter, what results from encryption of the authentication character 
string DCn of the password PWn with the password PWn, is written to the region Cn. 

[0048] The authentication character string of each password serves to authenticate whether the inputted password is 
correct or not. This authentication character string may be structured of a confidential character string peculiar to the 
system or composed of a value (e.g., an exclusive OR of a password PWi and a certain specified character string) cal- 
40 culated from the password Pwi. 

[0049] Next, the data writing/reading process in the case of using the user password is executed in the same way with 
the third embodiment shown in FIGS. 8 and 10. 

[0050] The data writing process when using the user password PWi (i > 1) is explained referring to FIG. 12. 

45 (S60) It is presumed that there occurs a request for writing to a position where the logical block address (sector 
number) LBA is [SO]. The sector number LBA requested is changed to [S1] so that the write request position is not 
overlapped with the region L1. Herein, as shown in FIG. 4, the size [a] of the region L1 is added to the sector 
number [SO], thereby obtaining the changed sector number [S1]. 

(561) The CPU 2 judges whether or not the data (encrypted key data) in the region L1 on the optical disk 1 have 
so already been read out. If already read out, the key data are developed in the operation region of the memory 3, and 

hence the processing proceeds to step S64. 

(562) The CPU 2. if the data in the region L1 have not been read out, executes the process of developing the key 
data in the operation region of the memory 3. Namely, the CPU 2 obtains the user password PWi. Then, the CPU 
2 reads the data from a region Li and decodes the read data with the password Pwi. The password PW1 is thereby 

55 obtained, on the optical disk 1 . 

(563) Next, the CPU 2 reads the data PS'[1] - PS [n] from the region L1 on the optical disk 1 . The CPU 2 decodes 
the data PS[1] - PS*[n] in the region L1 with the password PW1 . The key data PS[1] - PS[n] are thereby obtained. 
The key data PS[ ] (PS[1] -P5[n]) are stored in the operation region of the memory 3. 
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(S64) The CPU 2 obtains four values RO, R1 , R2, R3 from the sector number SO requested. Herein, the logic sector 
number SO is assumed to be a bit string of 32 bits, and 32 bits are rearranged by 8 bits to the individual values RO, 
R1 , R2, R3. Then, with RO - R3 serving as an index, the random number values (key data) are taken out of PS[ ] in 
the operation region of the memory 3. Based on the thus taken-out four values, the 8-byte random number (key 
5 data) R is generated. 

Herein, as shown in FIG. 9, the key data PS[R0] corresponding to RO is taken out, and the key data [R1 + 256] 
corresponding to (R1 + 256) is taken out. The key data PS [R2 + 256] corresponding to R2 is taken out, and the 
key data PS [R3] corresponding to R3 is taken out. Then, the key data R is calculated by the above-described arith- 
metic formula. 

10 (S65) Then, the CPU 2 encrypts the data to be written with this piece of key data R. The encrypting method may 
involve the use of known DES etc. The CPU 2 writes this piece of encrypted data to a position of the logical block 
address LBA (= S1) on the optical disk 1 . 

[0051 ] Thus, the plurality of user passwords can be used. 
15 [0052] FIG. 13 is a flowchart (part 1) showing a password changing process in a fourth embodiment of the present 
invention. FIG. 14 is a flowchart (part 2) showing the password changing process in the fourth embodiment of the 
present invention. 

[0053] In the construction shown in FIG. 11, a process of changing the user password PW1 will be explained with 
reference to FIG. 13. 

20 

(570) The CPU 2 obtains the old password PW1 and a new password PWT as well. 

(571) The CPU 2 reads the data from the regions L1 and C1 on the optical disk 1. 

(572) The CPU 2 decodes the encrypted key data in the region L1 with the password PW1, thereby obtaining the 
key data PS[ ]. Then, the CPU 2 decodes the data in the region C1 with the password PW1. Further, the CPU 2 

25 judges from the decoded authentication character string whether the password PW1 is valid or not. If the password 
is invalid, there must be, it is conceived, an error. 

(573) The CPU 2 encrypts the key data PS[ ] with the new password PWT and writes the encrypted data to the 
region L1 on the optical disk 1. 

(574) Next, the CPU 2 creates an authentication character string DCV with respect to the new password PW1\ 
30 Then, the CPU 2 encrypts the authentication character string DC1 ' with the new password PW1 \ thereby obtaining 

a write value C1 '. Further, the CPU 2 writes the write value C1 ' to the region C1 on the optical disk 1 . 

[0054] The old password, of which the validity is thus confirmed, can be changed to the new password. Besides, the 
password can be changed without any necessity for re-encryption of the data. This method is effective in the case of 

35 the user password being single. 

[0055] In the case of setting the plurality of user passwords, when changed to the new password by executing the 
process in FIG. 13. no data access can be done by using the user passwords PW2 - PWn. If this is inconvenient when 
the plurality of user passwords PW2 - PWn are set, the password PW1 is not used as the user password, and only the 
user password PWi (i > 1) may be used as the user password. 

40 [0056] A process of changing this user password PWi (i> 1) is explained with reference to FIG. 14. 

(580) The CPU 2 obtains the old password PWi and a new password PWi' as well. 

(581) The CPU 2 reads the data from the regions Li and Ci on the optical disk 1. 

(582) The CPU 2 decodes the encrypted key data in the region Li with the password PWi, thereby obtaining the 
45 password PW1 . Then, the CPU 2 decodes the data in the region Ci with the password PWi. Further, the CPU 2 

judges from the decoded authentication character string whether the password PWi is valid or not. If the password 
is invalid, there must be, it is conceived, an error. 

(583) The CPU 2 encrypts the password PW1 with the new password PWi* and writes the encrypted data to the 
region Li on the optical disk 1 . 

so (S84) Next, the CPU 2 creates the authentication character string DCi* with respect to the new password PWi'. 
Then, the CPU 2 encrypts the authentication character string DCi' with the new password PWi*, thereby obtaining 
a write value Ci. Further, the CPU 2 writes the write value Ci' to the region Ci on the optical disk 1 . 

[0057] The old password PWi, of which the validity, is thus confirmed, can be changed. In this embodiment also, the 
55 password can be changed without any necessity for re-encryption of the data. 

[0058] Other than the embodiment discussed above, the present invention can be modified as follows: 

(1) The storage medium has bee explained so far in the form of the magneto-optic disk, and other applicable stor- 
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age mediums may be an optical disk, a magnetic disk and an IC card etc. 

(2) The arithmetic formula for obtaining the random number R may include an application of other arithmetic formu- 
lae. 

[0059] The present invention has been discussed so far by way of the embodiments but may be modified in a variety 
of forms within the range of the gist of the present invention, and those modifications are not excluded from the scope 
of the present invention. 

[0060] As discussed above, the present invention exhibits the following effects. 

(1) The data is encrypted not by using the password directly as the encryption key but by using the key data gen- 
erated separately from the password. Even if the cipher text is analyzed, the encrypted key data is merely decoded. 
Therefore, the password and the key data are analyzed with difficulty. This makes it possible to prevent the pass- 
word from being decoded by analyzing the cipher text. 

(2) Further, the encryption is executed by using the key data generated separately from the password, and there- 
fore a different key can be imparted based on the logic sector unit by changing the key data with respect to one 
password. Hence, the data can be encrypted by using the different key per logic sector, whereby the confidentiality 
of the data can be enhanced. 

(3) Moreover, the data is encrypted by use of the key data generated separately from the password, and therefore, 
even when the password is changed, the re-encryption of the data is not required. Hence, the password can be 
easily changed with respect to the storage medium having a capacity as large as several hundred mega bytes. 

Claims 

1 . A storage medium data protecting method of protecting data on a storage medium, comprising: 

a step of generating key data, encrypting the key data with a password, and writing the encrypted key data to 
said storage medium; 

a step of encrypting the data with the key data, and writing the encrypted data to said storage medium; 

a step of reading the encrypted key data from said storage medium; 

a step of decoding the encrypted key data with the password; and 

a step of decoding the data on said storage medium with the decoded key data. 

2. A storage medium data protecting method according to claim 1 , wherein said key data generating step comprises 
a step of generating the key data per logic sector on said storage medium. 

3. A storage medium data protecting method according to claim 2, wherein said key data generating step comprises 
a step of generating the key data per logic sector on said storage medium when writing the data. 

4. A storage medium data protecting method according to claim 1 , wherein said key data generating step comprises 
a step of generating the key data by combining a predetermined number of pieces of random data. 

5. A storage medium data protecting method according to claim 1 , further comprising: 

a step of decoding, after reading the encrypted key data from said storage medium, the encrypted key data 
with an old password designated by a user; and 

a step of writing, after encrypting the decoded key data with a new password designated by the user, the 
encrypted key data to said storage medium. 

6. A storage medium data protecting method according to claim 1 , wherein said step of writing the encrypted key data 
to said storage medium comprises a step of encrypting the key data with each of a plurality of passwords, and writ- 
ing the encrypted key data to said storage medium, and 

said step of decoding the key data comprises a step of decoding the read/encrypted data with a password des- 
ignated. 

7. A storage medium data protecting method according to claim 1 , wherein said step of writing the encrypted key data 
to said storage medium comprises a step of encrypting the key data with one password, writing the encrypted key 
data to said storage medium, encrypting other password with one password, and writing other encrypted password, 
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said step of decoding the key data comprises a step of decoding other encrypted password with the other 
password, and obtaining the one password, and a step of decoding the encrypted key data with the one pass- 
word. 

8. A storage medium data protecting apparatus for protecting data on a storage medium, comprising: 

a storage medium; and 

a control circuit for reading and writing the data from and to said storage medium, 
wherein said control circuit has: 

a write mode of encrypting, after generating key data, the key data with a password, writing the encrypted key 
data to said storage medium, encrypting the data with the key data, and writing the encrypted data to said stor- 
age medium; and 

a read mode of decoding, after reading the encrypted key data from said storage medium, the encrypted key 
data with the password, and decoding the data on said storage medium with the decoded key data. 

9. A data protecting apparatus according to daim 8, wherein said storage medium is constructed of a storage medium 
from and to which the data is read and written per logic sector, and 

said control circuit generates the key data per logic sector on said storage medium. 

1 0. A data protecting apparatus according to claim 9, wherein said control circuit generates the key data per logic sec- 
tor when writing the data. 

11. A data protecting apparatus according to claim 8, wherein said generates the key data by combining a predeter- 
mined number of pieces of random data. 

12. A data protecting apparatus according to claim 8, wherein said control circuit decodes, after reading the encrypted 
key data from said storage medium, the encrypted key data with an old password designated by a user, and writes, 
after encrypting the decoded key data with a new password designated by the user, the encrypted key data to said 
storage medium. 

13. A storage medium data protecting apparatus according to claim 8, wherein said control circuit has: 

a write mode of encrypting the key data with each of a plurality of passwords and writing the encrypted key data 
to said storage medium; and 

a read mode of decoding the read/encrypted key data with the designated password. 

14. A storage medium data protecting apparatus according to claim 8, wherein said control circuit has: 

a write mode of encrypting the key data with one password, writing the encrypted key data to said storage 
medium, encrypting other password with one password, and writing other encrypted password; and 
a read mode of decoding other encrypted password with the other password, obtaining the one password, and 
thereafter decoding the encrypted key data with the one password. 

15. A storage medium having protected data is stored with: 

key data encrypted with a password; and 
data encrypted with the key data. 
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FIG. 8 
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FIG. 9 
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FIG. 10 
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FIG. 12 



S60 



Write request for LBA (=S0) 






S1 = ! 


50 + a 




Rearrange SO to 
RO, R1 


four 1 byte data 
R2, R3 






R = ( PS [RO] * PS [R1+256] ) * 
(PS [R2+256] + PS [R3] ) 


S65 




Encrypt the data with key R 






Write the data 


lin LBA(=S1) 



S62 



Obtain user password PW 



Read the data i 
decode the d 


n region Li and 
ata with PW1 






Read the data i 
decode the d 


n region L1 and 
ata with PW1 



S63 



Store PS [ ] 

ZD — 



22 



EP 0 950 941 A2 





FIG. 


13 






S70 








Designate old password PW1 
and new password PW1 1 






S71 








Read data from region LI and CI 




S72 




Decode the data with PW1 to obtain PS [ ] and 
decode the data in C1 with PW1 




NO 



Is PW1 valid ? 



S73 



YES 



Encrypt PS [ ] 
write ir in 


with PWV and 
region L1 


S74 




Create authent 
string DC 1 


cation character 
V with pwr 



Error 



Encrypt DC with PWV to obtain C1' 



Write CV 



23 



EPO 950 941 A2 



FIG. 14 
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